This request will track the application, approvals, and implementation for @Jclark-ctr's shell account.
Groups requested: datacenter-ops. This is a more limited group and only has sudo rights for those actions deemed needed for the datacenter operations on-site work. (Not everyone gets root automatically, and all but advanced in os troubleshooting can be done with datacenter-ops group. Both Papaul and Willy are also members of this group.
Full Name: John Clark
Purpose for access: @Jclark-ctr is our part time contractor for on-site work in ops-eqiad, assisting @Cmjohnson with the eqiad on-site work. He will need this access to connect to systems, rebuild raid arrays, and troubleshoot/repair hardware issues.
Wikitech user: jclark
Wikitech UID: 21780
SRE Clinic Duty Checklist for Access Requests
Most requirements are outlined on https://wikitech.wikimedia.org/wiki/Requesting_shell_access
This checklist should be used on all access requests to ensure that all steps are covered. This includes expansion to access. Please do not check off items on the list below unless you are in Ops and have confirmed the step.
- - User has signed the L3 Acknowledgement of Wikimedia Server Access Responsibilities Document.
- - User has a valid NDA on file with WMF legal. (This can be checked by Operations via the NDA tracking sheet & is included in all WMF Staff/Contractor hiring.)
- - User has provided the following: wikitech username, preferred shell username, email address, and full reasoning for access (including what commands and/or tasks they expect to perform.
- - User has provided a public SSH key. This ssh key pair should only be used for WMF cluster access, and not share with any other service (this includes not sharing with WMCS access, no shared keys.)
- - access request (or expansion) has sign off of WMF sponsor/manager (sponser for volunteers, manager for wmf staff) - This requires @wiki_willy sign off as @Jclark-ctr's manager
- - 3 business day wait must pass with no objections being noted on the task
- - sudo group additions are approved by the manager/team that handles that service group. - this request requires approval by @wiki_willy as the DC Ops manager and manager of the dc-ops service group.
- - Patchset for access request - please note @Jclark-ctr is in the ldap section of the admins module, please move up to shell section for this patchset - https://gerrit.wikimedia.org/r/525847